Malware Analysis Tool: retoolkit

Reading Time: 1 Minute

Description

Retoolkit is a Reverse Engineering and Malware Analysis tool developed by the Mentebinaria group. It aims to provide a set of useful utilities for binary analysis and reverse engineering which includes various tools such as disassemblers, debuggers, hex editors, and memory viewers. It supports a wide range of platforms including Windows, Linux, macOS, and even some embedded systems.

The tool is built using Python and C++ and integrates with other popular reverse engineering tools such as IDA Pro and Ghidra. It provides an easy-to-use command-line interface, making it suitable for both beginners and advanced users. It is a comprehensive and flexible reverse engineering tool that can assist analysts in their analysis of binary files, malware, and other security-related tasks.

How to access the tools

After installing this program, you’ll have two ways to access the tools:

• Double-click the retoolkit icon in the Desktop.
• Right-click on a file, choose Send to ➡ retoolkit. This way the selected file is passed as argument to the desired program.

Why do you need it?

You don’t. Obviously, you can download such tools from their own website and install them by yourself in a new VM. But if you download retoolkit, it will probably save you some time. Additionally, the tools come pre-configured so you’ll find things like x64dbg with a few plugins, command-line tools working from any directory, etc. You may like it if you’re setting up a new analysis VM.

Download

The *.iss files you see here are the source code for our setup program built with Inno Setup. To download the real thing, you have to go to the Releases section and download the setup program.

Included tools

Have a look at the wiki for a detailed list.

Is it safe to install it in my environment?

Some included tools are not open source. You should use it exclusively in virtual machines and under your own responsibility.

Clone the repo from here: GitHub Link